Z
Zentiya
HomeLegalData Processing Agreement
GDPR Compliant DPA

Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of the Terms of Service between you (the "Customer" or "Data Controller") and Zentiya by LTK Soft Pvt Ltd ("Zentiya," "we," "us," or "Data Processor").

Last Updated: January 15, 2025Effective Date: January 1, 2025

This Data Processing Agreement reflects the parties' agreement with regard to the processing of personal data in accordance with the requirements of applicable data protection laws, including the EU General Data Protection Regulation 2016/679 ("GDPR") and other applicable data protection laws.

1. Definitions

"Personal Data"

means any information relating to an identified or identifiable natural person that is processed by Zentiya on behalf of the Customer pursuant to or in connection with the Terms of Service.

"Data Controller"

means the Customer, who determines the purposes and means of the processing of Personal Data.

"Data Processor"

means Zentiya, who processes Personal Data on behalf of the Customer.

"Data Subject"

means the individual to whom Personal Data relates, including but not limited to customers, employees, and end-users of the Customer.

"Sub-processor"

means any third party appointed by Zentiya to process Personal Data on behalf of the Customer.

"Data Protection Laws"

means all applicable laws and regulations relating to privacy and data protection, including GDPR, CCPA, and other relevant legislation.

2. Scope & Application

2.1 Agreement Scope

This DPA applies to all processing of Personal Data by Zentiya on behalf of the Customer in connection with the provision of Zentiya's retail management platform and related services.

2.2 Types of Personal Data

Zentiya may process the following categories of Personal Data:

  • Customer contact information (name, email, phone number)
  • Transaction data (purchase history, payment information)
  • Inventory and product data
  • Employee information (if applicable)
  • End-user data collected through the platform
  • Usage data and analytics
  • Communication records

2.3 Data Subjects

Personal Data may relate to the following categories of Data Subjects:

  • The Customer's customers and end-users
  • The Customer's employees and contractors
  • The Customer's suppliers and business partners
  • Website visitors and platform users

3. Roles & Responsibilities

Customer (Data Controller)

  • Determines purposes and means of processing
  • Ensures lawful basis for processing
  • Provides clear processing instructions
  • Responds to Data Subject requests
  • Maintains records of processing activities

Zentiya (Data Processor)

  • Processes data only per instructions
  • Implements security measures
  • Assists with Data Subject requests
  • Notifies of data breaches
  • Maintains processing records

4. Processing Instructions

Zentiya shall process Personal Data only on documented instructions from the Customer, unless required to do so by applicable law. The Customer instructs Zentiya to process Personal Data for the following purposes:

  • Providing the retail management platform and related services
  • Processing transactions and managing inventory
  • Generating analytics and reports
  • Providing customer support
  • Maintaining and improving the platform
  • Complying with legal obligations

Note: If Zentiya believes that any instruction from the Customer violates Data Protection Laws, Zentiya will promptly inform the Customer and may suspend processing until the instruction is confirmed or amended.

5. Security Measures

Zentiya implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

Encryption

Data encrypted in transit and at rest using AES-256

Access Controls

Role-based access and multi-factor authentication

Monitoring

24/7 security monitoring and threat detection

Audits

Regular security audits and penetration testing

Training

Employee security awareness training

Infrastructure

Secure data centers with physical security

Certifications & Compliance

GDPRAES-256 EncryptionRegular Security Audits

6. Sub-processors

The Customer authorizes Zentiya to engage sub-processors to process Personal Data. Zentiya maintains a list of current sub-processors and will notify the Customer of any changes.

Sub-processorServiceLocation
Amazon Web ServicesCloud InfrastructureGlobal
StripePayment ProcessingUnited States
SendGridEmail ServicesUnited States
CloudflareCDN & SecurityGlobal

Objection Rights: The Customer has 30 days to object to the appointment of a new sub-processor on reasonable grounds relating to data protection. If the Customer objects, Zentiya will use reasonable efforts to make available a change in the services or recommend a commercially reasonable alternative.

7. International Transfers

Zentiya may transfer Personal Data to countries outside the European Economic Area (EEA). Where such transfers occur, Zentiya ensures appropriate safeguards are in place:

Standard Contractual Clauses

EU-approved SCCs for data transfers

Adequacy Decisions

Transfers to countries with adequate protection

Binding Corporate Rules

Internal data protection policies

Additional Safeguards

Encryption and access controls

8. Data Subject Rights

Zentiya will assist the Customer in responding to Data Subject requests to exercise their rights under Data Protection Laws, including:

Right of access
Right to rectification
Right to erasure
Right to restrict processing
Right to data portability
Right to object

Response Time: Zentiya will provide reasonable assistance to the Customer within 10 business days of receiving a request. The Customer remains responsible for responding to Data Subjects within the timeframes required by applicable law.

9. Data Breach Notification

Zentiya will notify the Customer without undue delay upon becoming aware of a Personal Data breach affecting the Customer's data. The notification will include:

  • Description of the nature of the breach
  • Categories and approximate number of Data Subjects affected
  • Categories and approximate number of Personal Data records affected
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach
  • Contact point for more information

Notification Timeline: Zentiya will notify the Customer within 72 hours of becoming aware of a Personal Data breach, or as soon as reasonably practicable.

10. Audit Rights

Zentiya will make available to the Customer information necessary to demonstrate compliance with this DPA and allow for and contribute to audits.

Audit Process

  1. 1Customer provides 30 days' written notice
  2. 2Audit conducted during business hours
  3. 3Zentiya may provide security audit reports and documentation
  4. 4Customer bears costs of audit
  5. 5Frequency limited to once per year unless breach occurs

11. Data Deletion

Upon termination or expiration of the Terms of Service, Zentiya will delete or return all Personal Data to the Customer, unless required by law to retain certain data.

Deletion Timeline

  • Customer data available for export for 30 days after termination
  • Complete deletion within 90 days of termination
  • Backup copies deleted within 180 days
  • Certification of deletion provided upon request

12. Liability & Indemnification

Each party's liability under this DPA is subject to the limitations and exclusions of liability set forth in the Terms of Service.

Customer Liability

The Customer is liable for compliance with Data Protection Laws in its use of the services and for providing lawful processing instructions to Zentiya.

Zentiya Liability

Zentiya is liable for compliance with its obligations as a Data Processor under this DPA and applicable Data Protection Laws.

13. Term & Termination

This DPA will remain in effect for as long as Zentiya processes Personal Data on behalf of the Customer under the Terms of Service.

Termination Effects

  • Zentiya will cease processing Personal Data
  • Customer may export data within 30 days
  • Zentiya will delete or return all Personal Data
  • Obligations survive termination as required by law

14. Contact Information

For questions or concerns regarding this Data Processing Agreement, please contact:

Data Protection Officer

Address

Zentiya by LTK Soft Pvt Ltd
#79/3, Outer Ring Road, Bellandur
Bangalore, Karnataka 560103
India

Legal Department

Acknowledgment

By using Zentiya's services, the Customer acknowledges that they have read, understood, and agree to be bound by this Data Processing Agreement.

This DPA is incorporated into and forms part of the Terms of Service between the Customer and Zentiya.

Effective Date: January 1, 2025

Version: 1.0